Enterprise Security WeeklySubscribe
Vulnerability Management, Compliance Management

SWVHSC: Mapping MITRE ATT&CK to PCI DSS – Jeff Man – ESW #193

MITRE ATT&CK seems to be the “next big thing”. Every time I hear about it I can’t help but wonder, “how do you prevent all these attacks in the first place? Shouldn’t that be the end game?” To that end, I set out to map all the recommended “Mitigations” for all the “Techniques” detailed in ATT&CK to see how many are already addressed by what is required in the Payment Card Industry Data Security Standard (PCI DSS). My hypothesis was all of them. The results were interesting and a little surprising, and I’m still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing and hopefully generate a discussion about what to do with the results.

Full episode and show notes

Announcements

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Guest

Sr. InfoSec Consultant at Online Business Sytems

Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Hosts

Chief Product Officer at CyberSaint
Principal Security Researcher at Eclypsium

Related

You can skip this ad in 5 seconds